Recent findings from the annual QBE SME Survey indicate a worrying decline in the awareness of cyber risks among small and medium-sized enterprises (SMEs) in Singapore.
The survey, which involved 605 SME leaders and was conducted from December 2023 to January 2024, assessed the perceived operational risks in areas such as cybersecurity, artificial intelligence (AI), and workplace safety and health (WSH).
The results showed that less than half (47%) of the surveyed SME leaders consider themselves fully aware of cyber risks, a drop from 57% in the previous year. Despite a decrease in cyber-related incidents from 38% in 2023 to 25% in 2024, awareness of potential threats has not proportionally followed, possibly due to fewer recent incidents.
There was, however, an increase in the number of executives who are somewhat aware of cyber risks, rising from 40% to 48% this year, indicating a growing recognition of unfamiliar emerging risks.
Key concerns among respondents included malware, data breaches, and phishing attacks, with over 39% acknowledging each as a top risk.
The survey also highlighted an increase in the number of SMEs lacking adequate cyber risk measures, which doubled from 9% to 19% over the past year.
Shun Quan Goh (pictured), head of underwriting, retail and SME at QBE Singapore, emphasised the critical need for SMEs to adopt robust cybersecurity measures to mitigate these increasing threats.
“This number shows how vulnerable SMEs may be to cyber risks, and underscores the need for companies to educate, upskill, and protect themselves in this area. Businesses cannot afford to be complacent about cybersecurity; it really is a matter of when, and not if, a cyber breach happens,” he said.
In terms of cybersecurity defences, 59% of SMEs reported utilising software solutions, with additional strategies including employee training (46%), dedicated cybersecurity staff (44%), and policies to handle cyber risks (43%).
Notably, only 38% of SMEs have opted for cybersecurity insurance, although a majority (55%) are considering such coverage in the future.
“The cyber risk landscape evolves quickly, and it can be hard to keep up. This is reflected in our survey, with the majority of SME executives saying they don’t fully understand the threat domain. This is where insurance comes to the fore: not only can we help businesses manage and transfer the risk; we can help them stay ahead of emerging trends,” Goh said.
The survey also explored attitudes toward AI, revealing that most SMEs do not view AI as a direct threat to employment.
About one-third of the respondents (32%) expect AI to replace some jobs, but 30% see it as a potential business threat. Concerns about AI leading to cyberattacks, privacy breaches, and data leaks were relatively low.
Workplace safety has seen improvements, with 63% of SMEs reporting no incidents this year, an increase from 55% last year.
However, there has been a slight decline in the emphasis on mental health, with 89% of businesses acknowledging its importance, down from 94%. Measures to support employee well-being included flexible working hours and health and wellness benefits.
Ronak Shah, CEO of QBE Singapore, stressed the importance of proactive wellbeing and risk management strategies to help SMEs maintain resilience and competitive advantage.
“At QBE, we actively support SMEs in their efforts to prioritise employee wellbeing within their workplaces. Our aim is to empower SMEs to create positive organisational cultures while ensuring the security and support of their valued workforce. By taking proactive steps to address employee wellbeing and risk management, SMEs can strengthen their resilience and pave the way for sustained success in today’s competitive talent market,” he said.
Meanwhile, QBE Hong Kong found an increase in cyber awareness and defensive measures among SMEs in the country.